| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
ok miod@, doug@
|
| |
|
|
|
|
|
| |
Aq is not the same as <> in non-ASCII situations, so this caused
incorrect output in some places. And it provided no semantics besides.
ok schwarze@
|
| |
|
|
|
|
| |
the correct return value. Prefer memcmp() anyway for portability.
ok jsing@ tedu@
|
| |
|
|
| |
ok jsing@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If you didn't enable deprecated code, there were missing err.h and
bn.h includes. This commit allows building with or without deprecated
code.
This was not derived from an OpenSSL commit. However, they recently
enabled OPENSSL_NO_DEPRECATED in git and fixed these header problems
in a different way.
Verified with clang that this only changes line numbers in the generated
asm.
ok miod@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is effectively a reimplementation of the functionality provided by
the previously removed c_rehash Perl script. The c_rehash script had a
number of known issues, including the fact that it needs to run openssl(1)
multiple times and that it starts by removing all symlinks before
putting them back, creating atomicity issues/race conditions, even when
nothing has changed.
certhash is self-contained and is intended to be stable - no changes
should be made unless something has actually changed. This means it can
be run regularly in a production environment without causing certificate
lookup failures.
Further testing and improvements will happen in tree.
Discussed with tedu@
|
| | |
|
| |
|
|
|
|
|
|
|
| |
This has the same functionality as the previous version, however uses the
new option handling code, uses SSL_CIPHER_get_value() since we no longer
care about SSlv2 cipher suites and uses standard I/O functions instead of
BIO functions.
ok beck@ doug@
|
| |
|
|
|
|
|
|
|
|
| |
From OpenSSL commits:
6f91b017bbb7140f816721141ac156d1b828a6b3
75d0ebef2aef7a2c77b27575b8da898e22f3ccd5
a2b18e657ea1a932d125154f4e13ab2258796d90
ok miod@, jsing@
|
| |
|
|
|
|
|
|
|
|
| |
HP-UX defines BSIZE in its <sys/param.h>, and there is a route where its
getting included as a side-effect. I tracked back to at least from HP-UX 9.0
ca. 1993, up to the latest, so the user namespace is polluted.
from kinichiro <kinichiro.inoguchi@gmail.com>
ok miod@, jsing@
|
| |
|
|
| |
input + ok jsing@
|
| |
|
|
| |
input + ok jsing@
|
| |
|
|
| |
OK jmc@
|
| |
|
|
|
|
| |
proxy. Implement the -proxy feature in the same hackish way as
-starttls.
OK jsing@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
- Check the return value of every relevant function call.
- If BIO_new() returns NULL instead of a valid BIO, do not attempt to
blindly use the NULL value as a BIO throughout the rest of the code.
- Ensure that bio_out is freed by BIO_free_all() at the end of all
error paths.
ok doug@
|
| |
|
|
| |
input + ok jsing@
|
| |
|
|
|
| |
Minor KNF in a few places too.
input + ok jsing@
|
| |
|
|
|
|
|
| |
Also, removed a few useless if null checks.
input from bcook@
input + ok jsing@
|
| |
|
|
| |
ok doug@
|
| |
|
|
|
|
| |
this man page.
ok jsing@
|
| |
|
|
|
|
| |
also check the return value of an adjacent malloc() call.
ok jsing@
|
| |
|
|
|
|
|
| |
apart from introducing a bug where the -elapsed option is not listed in
the usage output when it should be.
feedback/ok bcook@ jsing@
|
| |
|
|
| |
option.
|
| |
|
|
| |
With input from doug@
|
| | |
|
| |
|
|
| |
option type. In this case process the option as per normal.
|
| |
|
|
|
| |
arbitrary number of arguments. This will allow for more complex option
handling as required by some of the openssl(1) applications.
|
| |
|
|
| |
(as currently only implemented by some of the openssl(1) applications).
|
| |
|
|
|
| |
that it has consumed. This allows for the handling of multiple unnamed
arguments, including lists of filenames.
|
| |
|
|
|
|
|
| |
silently accept multiple unnamed arguments, ignoring all except the last.
This behaviour was already inconsistent between openssl(1) applications;
apply the principal of least surprise. This will also simplify the addition
of upcoming functionality.
|
| | |
|
| |
|
|
|
| |
allows for simpler code in the common cases and will allow for further
extension to support the complex cases.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Sync cipher strings with the ones that are actually implemented.
- Remove CIPHERS SUITE NAMES (the actual cipher suites can be obtained
via "openssl ciphers -v"), CIPHERS NOTES, and CIPHERS HISTORY
sections.
- Stop mentioning export cipher suites since they have already been
removed.
feedback from deraadt@ and jmc@
ok jmc@
|
| | |
|
| |
|
|
|
|
| |
"openssl dgst".
feedback/ok jmc@
|
| |
|
|
| |
EC_GROUP_free() all have implicit NULL checks.
|
| | |
|
| |
|
|
| |
Based on OpenSSL.
|
| |
|
|
| |
From Benjamin Baier <programmer at netzbasis.de>
|
| |
|
|
| |
From Minux Ma.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Several functions that need to be redefined for a Windows port are right
in the middle of other code that is relatively portable. This patch
isolates the functions that need Windows-specific implementations so
they can be built conditionally in the portable tree.
Add calls to BIO_sock_init() as-needed to openssl(1) so that socket IO works on
Windows. Sorry, these are no-op on other platforms.
ok jsing@ deraadt@
|
| |
|
|
|
|
| |
conversions in the tree, because the original code is very rotten and
fragile. Please test and report any failures.
Assistance from millert, bcook, and jsing.
|
| |
|
|
| |
Also looked at by bcook
|
| | |
|
| |
|
|
| |
ok deraadt@ millert@ tedu@
|
| | |
|
| |
|
|
| |
Based on a diff from Rusty (rustyl at outband dot net) and OpenSSL.
|
| |
|
|
| |
which was already done for libssl some time back.
|
| | |
|
| | |
|
